﻿using System;
using System.Data;
using System.Data.SqlClient;

namespace LsoaClass.SystemMaintain
{
    public class UserClass : LsDBClass
    {
        /// <summary>
        /// 操作员登录
        /// </summary>
        /// <param name="systemID">系统帐号</param>
        /// <param name="systemPassword">系统密码</param>
        /// <param name="operatorID">操作员帐号</param>
        /// <param name="operatorPassword">操作员密码</param>
        /// <param name="operatorIP">操作员IP地址</param>
        /// <param name="sessionStr">Session字符串</param>
        /// <param name="branchNo">机构编号</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string login(string systemID, string systemPassword, string operatorID, string operatorPassword, string operatorIP, out string sessionStr, out int branchNo)
        {
            sessionStr = "||";
            branchNo = -1;
            UAPCallResult sysRet = new UAPCallResult();
            sysRet.RetStr = SystemClass.checkSystemCode();
            if (sysRet.Code == 0 || sysRet.Code == 10120003 || operatorID == "admin")
            {
                DBClass dbc = new DBClass();
                try
                {
                    SqlCommand cmd = dbc.getSqlCommand("OperatorLogin");
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.AddWithValue("@SystemID", systemID);
                    cmd.Parameters.AddWithValue("@SystemPassword", CommonFunc.sha1Encrypt(systemID + systemPassword));
                    cmd.Parameters.AddWithValue("@OperatorID", operatorID.ToLower());
                    cmd.Parameters.AddWithValue("@OperatorPassword", CommonFunc.sha1Encrypt(operatorID.ToLower() + operatorPassword));
                    cmd.Parameters.AddWithValue("@OperatorIP", operatorIP);
                    cmd.Parameters.Add("@SessionID", SqlDbType.VarChar, 50);
                    cmd.Parameters.Add("@BranchNo", SqlDbType.Int);
                    cmd.Parameters.Add("@RetStr", SqlDbType.NVarChar, 50);
                    cmd.Parameters["@SessionID"].Direction = ParameterDirection.Output;
                    cmd.Parameters["@BranchNo"].Direction = ParameterDirection.Output;
                    cmd.Parameters["@RetStr"].Direction = ParameterDirection.Output;
                    cmd.ExecuteNonQuery();
                    funResult.RetStr = cmd.Parameters["@RetStr"].Value.ToString();
                    if (funResult.Code == 0)
                    {
                        sessionStr = CommonFunc.desEncrypt(cmd.Parameters["@SessionID"].Value.ToString() + "|" + operatorID.ToLower() + "|" + systemID, CommonFunc.EncryptKey);
                        branchNo = Convert.ToInt32(cmd.Parameters["@BranchNo"].Value.ToString());
                        if (sysRet.Code == 10120003)
                            funResult.RetStr = sysRet.RetStr;
                    }
                }
                catch (Exception ex)
                {
                    funResult.Code = 13120000;
                    funResult.Msg = "登录失败。" + ex.Message;
                }
                finally
                {
                    dbc.close();
                }
            }
            else
            {
                funResult.RetStr = sysRet.RetStr;
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 用户退出
        /// </summary>
        /// <param name="userID">用户帐号</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string logout(string userID)
        {
            DBClass dbc = new DBClass();
            try
            {
                SqlCommand cmd = dbc.getSqlCommand(@"
                    if @UserID = 'admin'
                    begin
	                    update SystemConfig_T set Setting = null where ParamName = 'ADMIN_SESSIONID'
	                    update SystemConfig_T set Setting = null where ParamName = 'ADMIN_SESSION_TIME'
                    end else
	                    update User_T set SessionID = null, SessionTime = null where UserID = @UserID");
                cmd.Parameters.AddWithValue("@UserID", userID);
                cmd.ExecuteNonQuery();
                funResult.Code = 0;
                funResult.Msg = "退出成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "退出失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 检查操作员的SessionStr是否有效，并更新其时间
        /// </summary>
        /// <param name="sessionStr">Session字符串</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string checkSession(string sessionStr)
        {
            DBClass dbc = new DBClass();
            try
            {
                SqlCommand cmd = dbc.getSqlCommand("CheckSession");
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.AddWithValue("@OperatorID", SessionKey.getOperatorID(sessionStr));
                cmd.Parameters.AddWithValue("@SessionID", SessionKey.getSessionID(sessionStr));
                cmd.Parameters.Add("@RetStr", SqlDbType.NVarChar, 50);
                cmd.Parameters["@RetStr"].Direction = ParameterDirection.Output;
                cmd.ExecuteNonQuery();
                funResult.RetStr = cmd.Parameters["@RetStr"].Value.ToString();
            }
            catch (Exception ex)
            {
                funResult.Code = 11120000;
                funResult.Msg = "验证失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 判断操作员权限
        /// </summary>
        /// <param name="operatorID">操作员帐号</param>
        /// <param name="funcCode">功能编号</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string checkPower(string operatorID, string funcCode)
        {
            DBClass dbc = new DBClass();
            try
            {
                SqlCommand cmd = dbc.getSqlCommand("CheckPower");
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.AddWithValue("@OperatorID", operatorID);
                cmd.Parameters.AddWithValue("@FuncCode", funcCode);
                cmd.Parameters.Add("@HasPower", SqlDbType.Bit);
                cmd.Parameters["@HasPower"].Direction = ParameterDirection.Output;
                cmd.ExecuteNonQuery();
                bool hasPower = Convert.ToBoolean(cmd.Parameters["@HasPower"].Value.ToString());
                if (hasPower)
                {
                    funResult.Code = 0;
                    funResult.Msg = "权限验证通过。";
                }
                else
                {
                    funResult.Code = 12120001;
                    funResult.Msg = "没有权限。";
                }
            }
            catch (Exception ex)
            {
                funResult.Code = 12120000;
                funResult.Msg = "权限验证失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 获取用户信息列表
        /// </summary>
        /// <param name="userState">用户状态。0表示正常，1表示已删除，2表示已停用</param>
        /// <param name="keyword">关键字</param>
        /// <param name="pageSize">每页的记录数</param>
        /// <param name="currentPage">当前页码</param>
        /// <param name="pageCount">总页数</param>
        /// <param name="recCount">总记录数</param>
        /// <param name="ds">返回数据集</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string list(int userState, string keyword, int pageSize, int currentPage, out int pageCount, out int recCount, out DataSet ds)
        {
            pageCount = 0;
            recCount = 0;
            ds = null;
            DBClass dbc = new DBClass();
            try
            {
                string strsql = "select a.UserID, a.UserName, b.Name as BranchDeptName, a.Sex, a.Mobile, a.Phone, a.Duty, a.Email from User_T a left join BranchDept_T b on isnull(a.DeptNo, a.BranchNo) = b.No where a.UserState = " + userState.ToString();
                if (keyword != "")
                    strsql += " and (a.UserID like '%" + keyword + "%' or a.UserName like '%" + keyword + "%')";
                strsql += " order by b.OrderNo, a.OrderNo";
                ds = dbc.getPageDataSet(pageSize, currentPage, strsql, out recCount, out pageCount);
                funResult.Code = 0;
                funResult.Msg = "获取用户信息列表成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "获取用户信息列表失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 根据机构部门获取用户信息列表
        /// </summary>
        /// <param name="no">机构部门编号</param>
        /// <param name="ds">返回数据集</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string listByBranchDept(int no, out DataSet ds)
        {
            ds = null;
            DBClass dbc = new DBClass();
            try
            {
                string strsql = "select UserID, UserName from User_T where UserState in (0,2) and isnull(DeptNo, BranchNo) = " + no.ToString() + " order by OrderNo";
                ds = dbc.getDataSetBySql(strsql);
                funResult.Code = 0;
                funResult.Msg = "获取用户信息列表成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "获取用户信息列表失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 获取机构部门、用户信息列表
        /// </summary>
        /// <param name="no">机构部门编号</param>
        /// <param name="ds">返回数据集</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string branchDeptUserTree(int no, out DataSet ds)
        {
            ds = null;
            DBClass dbc = new DBClass();
            try
            {
                SqlCommand cmd = dbc.getSqlCommand("GetBranchDeptUserTree");
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.AddWithValue("@BranchDeptNo", no);
                ds = dbc.getDataSetBySqlCommand(cmd);
                funResult.Code = 0;
                funResult.Msg = "获取机构部门、用户信息列表成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "获取机构部门、用户信息列表失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 获取用户信息
        /// </summary>
        /// <param name="userID">用户帐号</param>
        /// <param name="fields">获取字段字符串</param>
        /// <param name="ds">返回数据集</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string getInfo(string userID, string fields, out DataSet ds)
        {
            ds = null;
            DBClass dbc = new DBClass();
            try
            {
                string strsql = "select " + fields + " from User_T a inner join UserOther_T b on a.UserID = b.UserID where a.UserID = '" + userID + "'";
                ds = dbc.getDataSetBySql(strsql);
                funResult.Code = 0;
                funResult.Msg = "获取用户信息成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "获取用户信息失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 增加用户基本信息
        /// </summary>
        /// <param name="operatorID">操作员帐号</param>
        /// <param name="userID">用户帐号</param>
        /// <param name="userName">用户姓名</param>
        /// <param name="branchNo">机构编号</param>
        /// <param name="deptNo">部门编号</param>
        /// <param name="sex">性别</param>
        /// <param name="mobile">手机号码</param>
        /// <param name="phone">电话号码</param>
        /// <param name="duty">职务</param>
        /// <param name="email">电子邮箱</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string add(string operatorID, string userID, string userName, string branchNo, string deptNo, string sex, string mobile, string phone, string duty, string email)
        {
            funResult.RetStr = SystemClass.checkSystemCode();  //检查系统注册码，防止被破解
            if (funResult.Code == 0 || funResult.Code == 10120003)
            {
                DBClass dbc = new DBClass();
                try
                {
                    SqlCommand cmd = dbc.getSqlCommand(@"
                        declare @RetStr nvarchar(50), @Log nvarchar(50)
                        declare @UserState int, @OrderNo varchar(50), @MaxOrderNo varchar(50)
                        if (select count(*) from User_T where UserState <> 1) = (select Setting from SystemConfig_T where ParamName = 'USER_LIMIT')
                            set @RetStr = '15120000|系统人数上限已到，请与管理员联系。'
                        else if @UserID = 'admin'
                            set @RetStr = '15120001|该用户帐号已存在。'
                        else
                        begin
                            select @UserState = UserState from User_T where UserID = @UserID
                            if @@rowcount = 0
                            begin
	                            if @DeptNo is null
	                            begin
		                            select @OrderNo = OrderNo from BranchDept_T where No = @BranchNo
		                            select @MaxOrderNo = max(right(OrderNo, 5)) from User_T where BranchNo = @BranchNo and DeptNo is null and UserState <> 1
	                            end else
	                            begin
		                            select @OrderNo = OrderNo from BranchDept_T where No = @DeptNo
		                            select @MaxOrderNo = max(right(OrderNo, 5)) from User_T where DeptNo = @DeptNo and UserState <> 1
	                            end
	                            if @MaxOrderNo is null
		                            set @MaxOrderNo = 50000
	                            else
		                            set @MaxOrderNo = @MaxOrderNo + 1
	                            set @OrderNo = @OrderNo + @MaxOrderNo
	                            insert into User_T(UserID, UserName, Password, BranchNo, DeptNo, Sex, Mobile, Phone, Duty, Email, OrderNo, Creater)
		                            values(@UserID, @UserName, @Password, @BranchNo, @DeptNo, @Sex, @Mobile, @Phone, @Duty, @Email, @OrderNo, @OperatorID) 
	                            set @Log = '增加用户信息。（帐号：' + @UserID + '，用户名：' + @UserName + '）'
	                            exec RecordLog @OperatorID, @Log
	                            set @RetStr = '0|增加用户基本信息成功。'
                            end else
                            begin
	                            if @UserState = 1
		                            set @RetStr = '15120002|该用户帐号已删除，您可以将其恢复。'
	                            else
		                            set @RetStr = '15120001|该用户帐号已存在。'
                            end
                        end
                        select @RetStr");
                    cmd.Parameters.AddWithValue("@UserID", userID.ToLower());
                    cmd.Parameters.AddWithValue("@UserName", userName);
                    cmd.Parameters.AddWithValue("@Password", CommonFunc.sha1Encrypt(userID.ToLower() + "888888"));
                    cmd.Parameters.AddWithValue("@BranchNo", branchNo);
                    if (deptNo != "")
                        cmd.Parameters.AddWithValue("@DeptNo", deptNo);
                    else
                        cmd.Parameters.AddWithValue("@DeptNo", DBNull.Value);
                    cmd.Parameters.AddWithValue("@Sex", sex);
                    cmd.Parameters.AddWithValue("@Mobile", mobile);
                    cmd.Parameters.AddWithValue("@Phone", phone);
                    cmd.Parameters.AddWithValue("@Duty", duty);
                    cmd.Parameters.AddWithValue("@Email", email);
                    cmd.Parameters.AddWithValue("@OperatorID", operatorID);
                    funResult.RetStr = Convert.ToString(cmd.ExecuteScalar());
                }
                catch (Exception ex)
                {
                    funResult.Code = 13120000;
                    funResult.Msg = "增加用户基本信息失败。" + ex.Message;
                }
                finally
                {
                    dbc.close();
                }
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 增加用户详细信息
        /// </summary>
        /// <param name="userID">用户帐号</param>
        /// <param name="empNo">工号</param>
        /// <param name="born">出生日期</param>
        /// <param name="folk">民族</param>
        /// <param name="idCard">身份证</param>
        /// <param name="marriage">婚姻</param>
        /// <param name="address">地址</param>
        /// <param name="native">籍贯</param>
        /// <param name="zip">邮政编码</param>
        /// <param name="homePhone">家庭电话</param>
        /// <param name="fax">传真</param>
        /// <param name="maturity">职称</param>
        /// <param name="highest">最高学历</param>
        /// <param name="prof">专业</param>
        /// <param name="school">毕业学校</param>
        /// <param name="political">政治面貌</param>
        /// <param name="resume">简历</param>
        /// <param name="skill">技能</param>
        /// <param name="bak1">备注字段1</param>
        /// <param name="bak2">备注字段2</param>
        /// <param name="bak3">备注字段3</param>
        /// <param name="bak4">备注字段4</param>
        /// <param name="bak5">备注字段5</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string addOther(string userID, string empNo, string born, string folk, string idCard, string marriage, string address, string native, string zip, string homePhone, string fax, string maturity, string highest, string prof, string school, string political, string resume, string skill, string bak1, string bak2, string bak3, string bak4, string bak5)
        {
            DBClass dbc = new DBClass();
            try
            {
                SqlCommand cmd = dbc.getSqlCommand(@"
                    insert into UserOther_T(UserID, EmpNo, Born, Folk, IDCard, Marriage, Address, Native, Zip, HomePhone, Fax, Maturity, Highest, Prof, School, Political, Resume, Skill, Bak1, Bak2, Bak3, Bak4, Bak5)
	                    values(@UserID, @EmpNo, @Born, @Folk, @IDCard, @Marriage, @Address, @Native, @Zip, @HomePhone, @Fax, @Maturity, @Highest, @Prof, @School, @Political, @Resume, @Skill, @Bak1, @Bak2, @Bak3, @Bak4, @Bak5)");
                cmd.Parameters.AddWithValue("@UserID", userID.ToLower());
                cmd.Parameters.AddWithValue("@EmpNo", empNo);
                if (born != "")
                    cmd.Parameters.AddWithValue("@Born", born);
                else
                    cmd.Parameters.AddWithValue("@Born", DBNull.Value);
                cmd.Parameters.AddWithValue("@Folk", folk);
                cmd.Parameters.AddWithValue("@IDCard", idCard);
                cmd.Parameters.AddWithValue("@Marriage", marriage);
                cmd.Parameters.AddWithValue("@Address", address);
                cmd.Parameters.AddWithValue("@Native", native);
                cmd.Parameters.AddWithValue("@Zip", zip);
                cmd.Parameters.AddWithValue("@HomePhone", homePhone);
                cmd.Parameters.AddWithValue("@Fax", fax);
                cmd.Parameters.AddWithValue("@Maturity", maturity);
                cmd.Parameters.AddWithValue("@Highest", highest);
                cmd.Parameters.AddWithValue("@Prof", prof);
                cmd.Parameters.AddWithValue("@School", school);
                cmd.Parameters.AddWithValue("@Political", political);
                cmd.Parameters.AddWithValue("@Resume", resume);
                cmd.Parameters.AddWithValue("@Skill", skill);
                cmd.Parameters.AddWithValue("@Bak1", bak1);
                cmd.Parameters.AddWithValue("@Bak2", bak2);
                cmd.Parameters.AddWithValue("@Bak3", bak3);
                cmd.Parameters.AddWithValue("@Bak4", bak4);
                cmd.Parameters.AddWithValue("@Bak5", bak5);
                cmd.ExecuteNonQuery();
                funResult.Code = 0;
                funResult.Msg = "增加用户详细信息成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "增加用户详细信息失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 修改用户基本信息
        /// </summary>
        /// <param name="operatorID">操作员帐号</param>
        /// <param name="userID">用户帐号</param>
        /// <param name="userName">用户姓名</param>
        /// <param name="branchNo">机构编号</param>
        /// <param name="deptNo">部门编号</param>
        /// <param name="sex">性别</param>
        /// <param name="mobile">手机号码</param>
        /// <param name="phone">电话号码</param>
        /// <param name="duty">职务</param>
        /// <param name="email">电子邮箱</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string modify(string operatorID, string userID, string userName, string branchNo, string deptNo, string sex, string mobile, string phone, string duty, string email)
        {
            DBClass dbc = new DBClass();
            try
            {
                SqlCommand cmd = dbc.getSqlCommand(@"
                    declare @OldBranchNo int, @OldDeptNo int, @OldOrderNo varchar(50)
                    declare @OrderNo varchar(50), @MaxOrderNo varchar(50) 
                    select @OldBranchNo = BranchNo, @OldDeptNo = isnull(DeptNo, ''), @OldOrderNo = OrderNo from User_T where UserID = @UserID 
                    if @DeptNo is not null and @DeptNo <> @OldDeptNo  --部门发生变化
                    begin
	                    select @OrderNo = OrderNo from BranchDept_T where No = @DeptNo
	                    select @MaxOrderNo = max(right(OrderNo, 5)) from User_T where DeptNo = @DeptNo and UserState <> 1
	                    if @MaxOrderNo is null
		                    set @MaxOrderNo = 50000
	                    else
		                    set @MaxOrderNo = @MaxOrderNo + 1
                    end else if @DeptNo is null and (isnull(@DeptNo, '') <> @OldDeptNo or @BranchNo <> @OldBranchNo)  --机构发生变化
                    begin
	                    select @OrderNo = OrderNo from BranchDept_T where No = @BranchNo
	                    select @MaxOrderNo = max(right(OrderNo, 5)) from User_T where BranchNo = @BranchNo and DeptNo is null and UserState <> 1
	                    if @MaxOrderNo is null
		                    set @MaxOrderNo = 50000
	                    else
		                    set @MaxOrderNo = @MaxOrderNo + 1
                    end
                    if @MaxOrderNo is not null  --机构或部门发生变化
	                    set @OrderNo = @OrderNo + @MaxOrderNo
                    else
	                    set @OrderNo = @OldOrderNo
                    update User_T set UserName = @UserName, BranchNo = @BranchNo, DeptNo = @DeptNo, Sex = @Sex, Mobile = @Mobile, Phone = @Phone,
	                    Duty = @Duty, Email = @Email, OrderNo = @OrderNo where UserID = @UserID");                
                cmd.Parameters.AddWithValue("@UserName", userName);
                cmd.Parameters.AddWithValue("@BranchNo", branchNo);
                if (deptNo != "")
                    cmd.Parameters.AddWithValue("@DeptNo", deptNo);
                else
                    cmd.Parameters.AddWithValue("@DeptNo", DBNull.Value);
                cmd.Parameters.AddWithValue("@Sex", sex);
                cmd.Parameters.AddWithValue("@Mobile", mobile);
                cmd.Parameters.AddWithValue("@Phone", phone);
                cmd.Parameters.AddWithValue("@Duty", duty);
                cmd.Parameters.AddWithValue("@Email", email);
                cmd.Parameters.AddWithValue("@UserID", userID);
                cmd.ExecuteNonQuery();
                SystemClass.recordLog(operatorID, "修改用户信息。（帐号：" + userID + "，用户名：" + userName + "）");
                funResult.Code = 0;
                funResult.Msg = "修改用户基本信息成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "修改用户基本信息失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 修改用户详细信息
        /// </summary>
        /// <param name="userID">用户帐号</param>
        /// <param name="empNo">工号</param>
        /// <param name="born">出生日期</param>
        /// <param name="folk">民族</param>
        /// <param name="idCard">身份证</param>
        /// <param name="marriage">婚姻</param>
        /// <param name="address">地址</param>
        /// <param name="native">籍贯</param>
        /// <param name="zip">邮政编码</param>
        /// <param name="homePhone">家庭电话</param>
        /// <param name="fax">传真</param>
        /// <param name="maturity">职称</param>
        /// <param name="highest">最高学历</param>
        /// <param name="prof">专业</param>
        /// <param name="school">毕业学校</param>
        /// <param name="political">政治面貌</param>
        /// <param name="resume">简历</param>
        /// <param name="skill">技能</param>
        /// <param name="bak1">备注字段1</param>
        /// <param name="bak2">备注字段2</param>
        /// <param name="bak3">备注字段3</param>
        /// <param name="bak4">备注字段4</param>
        /// <param name="bak5">备注字段5</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string modifyOther(string userID, string empNo, string born, string folk, string idCard, string marriage, string address, string native, string zip, string homePhone, string fax, string maturity, string highest, string prof, string school, string political, string resume, string skill, string bak1, string bak2, string bak3, string bak4, string bak5)
        { 
            DBClass dbc = new DBClass();
            try
            {
                SqlCommand cmd = dbc.getSqlCommand(@"
                    update UserOther_T set EmpNo = @EmpNo, Born = @Born, Folk = @Folk, IDCard = @IDCard, Marriage = @Marriage, Address = @Address, Native = @Native, Zip = @Zip, 
	                    HomePhone = @HomePhone, Fax = @Fax, Maturity = @Maturity, Highest = @Highest, Prof = @Prof, School = @School, Political = @Political, Resume = @Resume, 
	                    Skill = @Skill, Bak1 = @Bak1, Bak2 = @Bak2, Bak3 = @Bak3, Bak4 = @Bak4, Bak5 = @Bak5 where UserID = @UserID");                
                cmd.Parameters.AddWithValue("@EmpNo", empNo);
                if (born != "")
                    cmd.Parameters.AddWithValue("@Born", born);
                else
                    cmd.Parameters.AddWithValue("@Born", DBNull.Value);
                cmd.Parameters.AddWithValue("@Folk", folk);
                cmd.Parameters.AddWithValue("@IDCard", idCard);
                cmd.Parameters.AddWithValue("@Marriage", marriage);
                cmd.Parameters.AddWithValue("@Address", address);
                cmd.Parameters.AddWithValue("@Native", native);
                cmd.Parameters.AddWithValue("@Zip", zip);
                cmd.Parameters.AddWithValue("@HomePhone", homePhone);
                cmd.Parameters.AddWithValue("@Fax", fax);
                cmd.Parameters.AddWithValue("@Maturity", maturity);
                cmd.Parameters.AddWithValue("@Highest", highest);
                cmd.Parameters.AddWithValue("@Prof", prof);
                cmd.Parameters.AddWithValue("@School", school);
                cmd.Parameters.AddWithValue("@Political", political);
                cmd.Parameters.AddWithValue("@Resume", resume);
                cmd.Parameters.AddWithValue("@Skill", skill);
                cmd.Parameters.AddWithValue("@Bak1", bak1);
                cmd.Parameters.AddWithValue("@Bak2", bak2);
                cmd.Parameters.AddWithValue("@Bak3", bak3);
                cmd.Parameters.AddWithValue("@Bak4", bak4);
                cmd.Parameters.AddWithValue("@Bak5", bak5);
                cmd.Parameters.AddWithValue("@UserID", userID);
                cmd.ExecuteNonQuery();
                funResult.Code = 0;
                funResult.Msg = "修改用户详细信息成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "修改用户详细信息失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 上传用户照片
        /// </summary>
        /// <param name="operatorID">操作员帐号</param>
        /// <param name="userID">用户帐号</param>
        /// <param name="photoType">相片类型</param>
        /// <param name="photoData">相片数据</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string uploadPhoto(string operatorID, string userID, string photoType, byte[] photoData)
        {
            DBClass dbc = new DBClass();
            try
            {
                SqlCommand cmd = dbc.getSqlCommand("update UserOther_T set PhotoType = @PhotoType, PhotoVersion = PhotoVersion + 1, Photo = @Photo where UserID = @UserID");                
                cmd.Parameters.Add(new SqlParameter("@Photo", SqlDbType.Image));
                if (photoData.Length > 0)
                {
                    cmd.Parameters.AddWithValue("@PhotoType", photoType);
                    cmd.Parameters["@Photo"].Value = photoData;
                }
                else
                {
                    cmd.Parameters.AddWithValue("@PhotoType", DBNull.Value);
                    cmd.Parameters["@Photo"].Value = DBNull.Value;
                }
                cmd.Parameters.AddWithValue("@UserID", userID);
                cmd.ExecuteNonQuery();
                if (photoData.Length > 0)
                    SystemClass.recordLog(operatorID, "上传用户照片。（帐号：" + userID + "）");
                else
                    SystemClass.recordLog(operatorID, "删除用户照片。（帐号：" + userID + "）");
                funResult.Code = 0;
                if (photoData.Length > 0)
                    funResult.Msg = "上传用户照片成功。";
                else
                    funResult.Msg = "删除用户照片成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                if (photoData.Length > 0)
                    funResult.Msg = "上传用户照片失败。" + ex.Message;
                else
                    funResult.Msg = "删除用户照片失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 下载用户照片
        /// </summary>
        /// <param name="userID">用户帐号</param>
        /// <param name="photoData">用户照片</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string downloadPhoto(string userID, out byte[] photoData)
        {
            photoData = null;
            DBClass dbc = new DBClass();
            try
            {
                SqlCommand cmd = dbc.getSqlCommand("select Photo from UserOther_T where UserID = @UserID");
                cmd.Parameters.AddWithValue("@UserID", userID);
                SqlDataReader dr = cmd.ExecuteReader();
                if (dr.Read())
                {
                    if (dr["Photo"] == DBNull.Value)
                        photoData = new byte[0];
                    else
                        photoData = (byte[])dr["Photo"];
                }
                dr.Close();
                funResult.Code = 0;
                funResult.Msg = "下载用户照片成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "下载用户照片失败。" + ex.Message;               
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 修改用户密码
        /// </summary>
        /// <param name="operatorID">操作员帐号</param>
        /// <param name="userID">用户帐号</param>
        /// <param name="oldPassword">旧密码（如果为空，则不验证）</param>
        /// <param name="newPassword">新密码</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string setPassword(string operatorID, string userID, string oldPassword, string newPassword)
        {
            DBClass dbc = new DBClass();
            try
            {
                SqlCommand cmd = dbc.getSqlCommand(@"
                    declare @RetStr nvarchar(50), @Log nvarchar(50)
                    if @UserID = 'admin'
                    begin
	                    if (@OldPassword <> '') and not exists (select * from SystemConfig_T where ParamName = 'ADMIN_PASSWORD' and Setting = @OldPassword)
		                    set @RetStr = '15120000|旧密码错误。'
	                    else
		                    update SystemConfig_T set Setting = @NewPassword where ParamName = 'ADMIN_PASSWORD'
                    end else
                    begin
	                    if (@OldPassword <> '') and not exists (select * from User_T where UserID = @UserID and Password = @OldPassword)
		                    set @RetStr = '15120000|旧密码错误。'
	                    else
		                    update User_T set Password = @NewPassword where UserID = @UserID
                    end
                    if isnull(@RetStr, '') = ''
                    begin
	                    set @Log = '修改用户密码。（帐号：' + @UserID + '）'
	                    exec RecordLog @OperatorID, @Log
	                    set @RetStr = '0|修改用户密码成功。'
                    end
                    select @RetStr");
                cmd.Parameters.AddWithValue("@UserID", userID.ToLower());
                if (oldPassword != "")
                    cmd.Parameters.AddWithValue("@OldPassword", CommonFunc.sha1Encrypt(userID + oldPassword));
                else
                    cmd.Parameters.AddWithValue("@OldPassword", "");
                cmd.Parameters.AddWithValue("@NewPassword", CommonFunc.sha1Encrypt(userID + newPassword));
                cmd.Parameters.AddWithValue("@OperatorID", operatorID);
                funResult.RetStr = Convert.ToString(cmd.ExecuteScalar());
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "修改用户密码失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 删除用户信息
        /// </summary>
        /// <param name="operatorID">操作员帐号</param>
        /// <param name="userIDStr">用户帐号字符串</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string delete(string operatorID, string userIDStr)
        { 
            DBClass dbc = new DBClass();
            try
            {
                SqlCommand cmd = dbc.getSqlCommand("UserDelete");
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.AddWithValue("@UserIDStr", userIDStr);
                cmd.ExecuteNonQuery();
                SystemClass.recordLog(operatorID, "删除用户信息。（帐号：" + userIDStr + "）");
                funResult.Code = 0;
                funResult.Msg = "删除用户信息成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "删除用户信息失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 恢复用户帐号
        /// </summary>
        /// <param name="operatorID">操作员帐号</param>
        /// <param name="userID">用户帐号</param>
        /// <param name="branchNo">机构编号</param>
        /// <param name="deptNo">部门编号</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string recover(string operatorID, string userID, string branchNo, string deptNo)
        {
            funResult.RetStr = SystemClass.checkSystemCode();  //检查系统注册码，防止被破解
            if (funResult.Code == 0 || funResult.Code == 10120003)
            {
                DBClass dbc = new DBClass();
                try
                {
                    SqlCommand cmd = dbc.getSqlCommand(@"
                        declare @RetStr nvarchar(50), @Log nvarchar(50)
                        declare @OrderNo varchar(50), @MaxOrderNo varchar(50)
                        if (select count(*) from User_T where UserState <> 1) = (select Setting from SystemConfig_T where ParamName = 'USER_LIMIT')
                        begin
                            set @RetStr = '15120000|系统人数上限已到，请与管理员联系。'
                        end else
                        begin                            
                            if @DeptNo is null
                            begin
	                            select @OrderNo = OrderNo from BranchDept_T where No = @BranchNo
	                            select @MaxOrderNo = max(right(OrderNo, 5)) from User_T where BranchNo = @BranchNo and DeptNo is null and UserState <> 1
                            end else
                            begin
	                            select @OrderNo = OrderNo from BranchDept_T where No = @DeptNo
	                            select @MaxOrderNo = max(right(OrderNo, 5)) from User_T where DeptNo = @DeptNo and UserState <> 1
                            end
                            if @MaxOrderNo is null
	                            set @MaxOrderNo = 50000
                            else
	                            set @MaxOrderNo = @MaxOrderNo + 1
                            set @OrderNo = @OrderNo + @MaxOrderNo
                            update User_T set BranchNo = @BranchNo, DeptNo = @DeptNo, OrderNo = @OrderNo, UserState = 0 where UserID = @UserID
                            set @Log = '恢复用户帐号。（帐号：' + @UserID + '）'
                            exec RecordLog @OperatorID, @Log
                            set @RetStr = '0|恢复用户帐号成功。'                            
                        end
                        select @RetStr");
                    cmd.Parameters.AddWithValue("@UserID", userID);
                    cmd.Parameters.AddWithValue("@BranchNo", branchNo);
                    if (deptNo != "")
                        cmd.Parameters.AddWithValue("@DeptNo", deptNo);
                    else
                        cmd.Parameters.AddWithValue("@DeptNo", DBNull.Value);
                    cmd.Parameters.AddWithValue("@OperatorID", operatorID);
                    funResult.RetStr = Convert.ToString(cmd.ExecuteScalar());
                }
                catch (Exception ex)
                {
                    funResult.Code = 13120000;
                    funResult.Msg = "恢复用户帐号失败。" + ex.Message;
                }
                finally
                {
                    dbc.close();
                }
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 启用/停用用户帐号
        /// </summary>
        /// <param name="operatorID">操作员帐号</param>
        /// <param name="userIDStr">用户帐号字符串</param>
        /// <param name="enabled">启用/停用</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string enable(string operatorID, string userIDStr, bool enabled)
        {
            DBClass dbc = new DBClass();
            try
            {
                if (enabled)
                {
                    dbc.executeSqlCommand("update User_T set UserState = 0 where UserID in ('" + userIDStr.Replace(",", "','") + "')");
                    SystemClass.recordLog(operatorID, "启用用户帐号。（帐号：" + userIDStr + "）");
                    funResult.Code = 0;
                    funResult.Msg = "启用用户帐号成功。";
                }
                else
                {
                    dbc.executeSqlCommand("update User_T set UserState = 2 where UserID in ('" + userIDStr.Replace(",", "','") + "')");
                    SystemClass.recordLog(operatorID, "停用用户帐号。（帐号：" + userIDStr + "）");
                    funResult.Code = 0;
                    funResult.Msg = "停用用户帐号成功。";
                }
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                if (enabled)
                    funResult.Msg = "启用用户帐号失败。" + ex.Message;
                else
                    funResult.Msg = "停用用户帐号失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 调整用户顺序
        /// </summary>
        /// <param name="operatorID">操作员帐号</param>
        /// <param name="userIDStr">用户帐号字符串</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string adjustSequence(string operatorID, string userIDStr)
        {
            DBClass dbc = new DBClass();
            try
            {
                SqlCommand cmd = dbc.getSqlCommand(@"
                    declare @UserIDStr nvarchar(max), @UserID nvarchar(50) 
                    declare @Pos int, @I int
                    set @UserIDStr = @UserIDStrValue + ','
                    set @I = 50000
                    while charindex(',', @UserIDStr) > 0
                    begin
                        set @Pos = charindex(',', @UserIDStr)
                        set @UserID = substring(@UserIDStr, 1, @Pos - 1)
	                    update User_T set OrderNo = left(OrderNo, len(OrderNo) - 5) + convert(varchar(50), @I) where UserID = @UserID
	                    set @I = @I + 1
                        set @UserIDStr = substring(@UserIDStr, @Pos + 1, len(@UserIDStr) - @Pos)
                    end");
                cmd.Parameters.AddWithValue("@UserIDStrValue", userIDStr);
                cmd.ExecuteNonQuery();
                SystemClass.recordLog(operatorID, "调整用户顺序。（帐号：" + userIDStr + "）");
                funResult.Code = 0;
                funResult.Msg = "调整用户顺序成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "调整用户顺序失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 获取用户角色列表
        /// </summary>
        /// <param name="userID">用户帐号</param>
        /// <param name="ds">返回数据集合</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string userRoleList(string userID, out DataSet ds)
        {
            ds = null;
            DBClass dbc = new DBClass();
            try
            {
                ds = dbc.getDataSetBySql("select * from UserRole_T where UserID = '" + userID + "'");
                funResult.Code = 0;
                funResult.Msg = "获取用户角色列表成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "获取用户角色列表失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 保存用户角色关系信息
        /// </summary>
        /// <param name="operatorID">操作员帐号</param>
        /// <param name="userIDStr">用户帐号串</param>
        /// <param name="roleIDStr">角色ID串</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string saveUserRole(string operatorID, string userIDStr, string roleIDStr)
        {
            DBClass dbc = new DBClass();
            try
            {
                SqlCommand cmd = dbc.getSqlCommand("SaveUserRole");
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.AddWithValue("@UserIDStr", userIDStr);
                cmd.Parameters.AddWithValue("@RoleIDStr", roleIDStr);
                cmd.ExecuteNonQuery();
                SystemClass.recordLog(operatorID, "保存用户角色关系信息。（用户帐号：" + userIDStr + "，角色ID：" + roleIDStr + "）");
                funResult.Code = 0;
                funResult.Msg = "保存用户角色关系信息成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "保存用户角色关系信息失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 获取用户权限列表
        /// </summary>
        /// <param name="userID">用户帐号</param>
        /// <param name="ds">返回数据集合</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string userPowerList(string userID, out DataSet ds)
        {
            ds = null;
            DBClass dbc = new DBClass();
            try
            {
                ds = dbc.getDataSetBySql("select * from UserPower_T where UserID = '" + userID + "'");
                funResult.Code = 0;
                funResult.Msg = "获取用户权限列表成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "获取用户权限列表失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 保存用户权限信息
        /// </summary>
        /// <param name="operatorID">操作员帐号</param>
        /// <param name="userIDStr">用户帐号串</param>
        /// <param name="funcCodeStr">功能编号串</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string saveUserPower(string operatorID, string userIDStr, string funcCodeStr)
        {
            DBClass dbc = new DBClass();
            try
            {
                SqlCommand cmd = dbc.getSqlCommand("SaveUserPower");
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.AddWithValue("@UserIDStr", userIDStr);
                cmd.Parameters.AddWithValue("@FuncCodeStr", funcCodeStr);
                cmd.ExecuteNonQuery();
                SystemClass.recordLog(operatorID, "保存用户权限信息。（用户帐号：" + userIDStr + "，功能编号：" + funcCodeStr + "）");
                funResult.Code = 0;
                funResult.Msg = "保存用户权限信息成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "保存用户权限信息失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 获取角色信息列表
        /// </summary>
        /// <param name="keyword">关键字</param>
        /// <param name="pageSize">每页的记录数</param>
        /// <param name="currentPage">当前页码</param>
        /// <param name="pageCount">总页数</param>
        /// <param name="recCount">总记录数</param>
        /// <param name="ds">返回数据集</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string roleList(string keyword, int pageSize, int currentPage, out int pageCount, out int recCount, out DataSet ds)
        {
            pageCount = 0;
            recCount = 0;
            ds = null;
            DBClass dbc = new DBClass();
            try
            {
                string strsql = "select * from Role_T";
                if (keyword != "")
                    strsql += " where RoleName like '%" + keyword + "%'";
                strsql += " order by OrderNo";
                ds = dbc.getPageDataSet(pageSize, currentPage, strsql, out recCount, out pageCount);
                funResult.Code = 0;
                funResult.Msg = "获取角色信息列表成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "获取角色信息列表失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 获取角色信息
        /// </summary>
        /// <param name="roleId">角色ID</param>
        /// <param name="ds">返回数据集</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string roleInfo(int roleId, out DataSet ds)
        {
            ds = null;
            DBClass dbc = new DBClass();
            try
            {
                ds = dbc.getDataSetBySql("select * from Role_T where RoleID = " + roleId.ToString());
                funResult.Code = 0;
                funResult.Msg = "获取角色信息成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "获取角色信息失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 增加角色信息
        /// </summary>
        /// <param name="operatorID">操作员帐号</param>
        /// <param name="roleName">角色名称</param>
        /// <param name="bak">备注说明</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string roleAdd(string operatorID, string roleName, string bak)
        {
            DBClass dbc = new DBClass();
            try
            {
                SqlCommand cmd = dbc.getSqlCommand(@"
                    declare @OrderNo int
                    select @OrderNo = max(OrderNo) from Role_T
                    if @OrderNo is null 
	                    set @OrderNo = 0
                    else
	                    set @OrderNo = @OrderNo + 1
                    insert into Role_T(RoleName, Bak, OrderNo, Creater) values (@RoleName, @Bak, @OrderNo, @Creater)
                    select @@Identity");
                cmd.Parameters.AddWithValue("@RoleName", roleName);
                cmd.Parameters.AddWithValue("@Bak", bak);
                cmd.Parameters.AddWithValue("@Creater", operatorID);
                string roleID = Convert.ToString(cmd.ExecuteScalar());
                SystemClass.recordLog(operatorID, "增加角色信息。（ID：" + roleID + "，名称：" + roleName + "）");
                funResult.Code = 0;
                funResult.Msg = "增加角色信息成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "增加角色信息失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }        

        /// <summary>
        /// 修改角色信息
        /// </summary>
        /// <param name="operatorID">操作员帐号</param>
        /// <param name="roleID">角色ID</param>
        /// <param name="roleName">角色名称</param>
        /// <param name="bak">备注说明</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string roleModify(string operatorID, int roleID, string roleName, string bak)
        {
            DBClass dbc = new DBClass();
            try
            {
                SqlCommand cmd = dbc.getSqlCommand("update Role_T set RoleName = @RoleName, Bak = @Bak where RoleID = @RoleID");
                cmd.Parameters.AddWithValue("@RoleName", roleName);
                cmd.Parameters.AddWithValue("@Bak", bak);
                cmd.Parameters.AddWithValue("@RoleID", roleID);
                cmd.ExecuteNonQuery();
                SystemClass.recordLog(operatorID, "修改角色信息。（ID：" + roleID + "，名称：" + roleName + "）");
                funResult.Code = 0;
                funResult.Msg = "修改角色信息成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "修改角色信息失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 删除角色信息
        /// </summary>
        /// <param name="operatorID">操作员帐号</param>
        /// <param name="roleIDStr">角色ID串</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string roleDelete(string operatorID, string roleIDStr)
        {
            DBClass dbc = new DBClass();
            try
            {
                SqlCommand cmd = dbc.getSqlCommand("RoleDelete");
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.AddWithValue("@RoleIDStr", roleIDStr);
                cmd.ExecuteNonQuery();
                SystemClass.recordLog(operatorID, "删除角色信息。（ID：" + roleIDStr + "）");
                funResult.Code = 0;
                funResult.Msg = "删除角色信息成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "删除角色信息失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 调整角色顺序
        /// </summary>
        /// <param name="operatorID">操作员帐号</param>
        /// <param name="roleID">角色ID</param>
        /// <param name="direct">方向（0：上移，1：下移）</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string roleAdjustSequence(string operatorID, int roleID, int direct)
        {
            DBClass dbc = new DBClass();
            try
            {
                SqlCommand cmd = dbc.getSqlCommand(@"
                    declare @OrderNo int
                    declare @ChgRoleID int, @ChgOrderNo int
                    select @OrderNo = OrderNo from Role_T where RoleID = @RoleID
                    if @Direct = 0
	                    select @ChgOrderNo = max(OrderNo) from Role_T where OrderNo < @OrderNo 
                    else 
	                    select @ChgOrderNo = min(OrderNo) from Role_T where OrderNo > @OrderNo 
                    select @ChgRoleID = RoleID from Role_T where OrderNo = @ChgOrderNo
                    update Role_T set OrderNo = @ChgOrderNo where RoleID = @RoleID
                    update Role_T set OrderNo = @OrderNo where RoleID = @ChgRoleID");
                cmd.Parameters.AddWithValue("@RoleID", roleID);
                cmd.Parameters.AddWithValue("@Direct", direct);
                cmd.ExecuteNonQuery();
                if (direct == 0)
                    SystemClass.recordLog(operatorID, "调整角色顺序。（ID：" + roleID.ToString() + "，方向：上移）");
                else
                    SystemClass.recordLog(operatorID, "调整角色顺序。（ID：" + roleID.ToString() + "，方向：下移）");
                funResult.Code = 0;
                funResult.Msg = "调整角色顺序成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "调整角色顺序失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 获取角色用户列表
        /// </summary>
        /// <param name="roleID">角色ID</param>
        /// <param name="ds">返回数据集</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string roleUserList(int roleID, out DataSet ds)
        {
            ds = null;
            DBClass dbc = new DBClass();
            try
            {
                ds = dbc.getDataSetBySql("select * from UserRole_T where RoleID = " + roleID.ToString());
                funResult.Code = 0;
                funResult.Msg = "获取角色用户列表成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "获取角色用户列表失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 保存角色用户关系信息
        /// </summary>
        /// <param name="operatorID">操作员帐号</param>
        /// <param name="roleIDStr">角色ID串</param>
        /// <param name="userIDStr">用户帐号串</param>        
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string saveRoleUser(string operatorID, string roleIDStr, string userIDStr)
        {
            DBClass dbc = new DBClass();
            try
            {
                SqlCommand cmd = dbc.getSqlCommand("SaveRoleUser");
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.AddWithValue("@RoleIDStr", roleIDStr);
                cmd.Parameters.AddWithValue("@UserIDStr", userIDStr);                
                cmd.ExecuteNonQuery();
                SystemClass.recordLog(operatorID, "保存角色用户关系信息。（角色ID：" + roleIDStr + "，用户帐号：" + userIDStr + "）");
                funResult.Code = 0;
                funResult.Msg = "保存角色用户关系信息成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "保存角色用户关系信息失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 保存角色权限信息
        /// </summary>
        /// <param name="operatorID">操作员帐号</param>
        /// <param name="roleIDStr">角色ID串</param>
        /// <param name="funcCodeStr">功能编号串</param>        
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string saveRolePower(string operatorID, string roleIDStr, string funcCodeStr)
        {
            DBClass dbc = new DBClass();
            try
            {
                SqlCommand cmd = dbc.getSqlCommand("SaveRolePower");
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.AddWithValue("@RoleIDStr", roleIDStr);
                cmd.Parameters.AddWithValue("@FuncCodeStr", funcCodeStr);
                cmd.ExecuteNonQuery();
                SystemClass.recordLog(operatorID, "保存角色权限信息。（角色ID：" + roleIDStr + "，功能编号：" + funcCodeStr + "）");
                funResult.Code = 0;
                funResult.Msg = "保存角色权限信息成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "保存角色权限信息失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 获取角色权限列表
        /// </summary>
        /// <param name="roleID">角色ID</param>
        /// <param name="ds">返回数据集</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string rolePowerList(int roleID, out DataSet ds)
        {
            ds = null;
            DBClass dbc = new DBClass();
            try
            {
                ds = dbc.getDataSetBySql("select * from RolePower_T where RoleID = " + roleID.ToString());
                funResult.Code = 0;
                funResult.Msg = "获取角色权限列表成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "获取角色权限列表失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 获取操作员菜单信息列表
        /// </summary>
        /// <param name="operatorID">操作员帐号</param>
        /// <param name="ds">返回数据集</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string operatorMenuTree(string operatorID, out DataSet ds)
        {
            ds = null;
            DBClass dbc = new DBClass();
            try
            {
                SqlCommand cmd = dbc.getSqlCommand("GetOperatorMenuTree");
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.AddWithValue("@OperatorID", operatorID);
                ds = dbc.getDataSetBySqlCommand(cmd);
                funResult.Code = 0;
                funResult.Msg = "获取操作员菜单信息列表成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "获取操作员菜单信息列表失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 获取菜单内页信息列表
        /// </summary>
        /// <param name="operatorID">操作员帐号</param>
        /// <param name="menuNo">菜单编号</param>
        /// <param name="ds">返回数据集</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string operatorSubPageList(string operatorID, string menuNo, out DataSet ds)
        {
            ds = null;
            DBClass dbc = new DBClass();
            try
            {
                SqlCommand cmd = dbc.getSqlCommand("GetOperatorSubPageList");
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.AddWithValue("@OperatorID", operatorID);
                cmd.Parameters.AddWithValue("@MenuNo", menuNo);
                ds = dbc.getDataSetBySqlCommand(cmd);
                funResult.Code = 0;
                funResult.Msg = "获取菜单内页信息列表成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "获取菜单内页信息列表失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }

        /// <summary>
        /// 获取菜单、权限信息列表
        /// </summary>
        /// <param name="ds">返回数据集</param>
        /// <returns>返回代码和提示信息组合成的字符串</returns>
        public static string menuPowerTree(out DataSet ds)
        {
            ds = null;
            DBClass dbc = new DBClass();
            try
            {
                SqlCommand cmd = dbc.getSqlCommand("GetMenuPowerTree");
                cmd.CommandType = CommandType.StoredProcedure;
                ds = dbc.getDataSetBySqlCommand(cmd);
                funResult.Code = 0;
                funResult.Msg = "获取菜单、权限信息列表成功。";
            }
            catch (Exception ex)
            {
                funResult.Code = 13120000;
                funResult.Msg = "获取菜单、权限信息列表失败。" + ex.Message;
            }
            finally
            {
                dbc.close();
            }
            return funResult.RetStr;
        }
    }
}
